IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit

2024-08-07 12:06:59
Model: TL-SG3210XHP-M2  
Hardware Version: V1
Firmware Version: 1.0.13 Build 20230602 Rel.76586

I'm trying to figure out how come I can't seem to add a switch ACL rule.

 

I have 4 active ACL rules and when I try to turn on the 1st rule, I get the message - IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit.

 

All firmware is up-to-date for every component.

 

The client setup is as follows:

 

Router - ER8411 v1.0

Controller - OC300 1.0 (with Controller Version 5.14.26.23)

Switch - TL-SG3210XHP-M2 v1.0

APs - EAP 683UR x 4 units

 

I have a similar ACL configuration at another site using OC200, ER605 and TL-SG2210MP and all 5 rules work and can be enabled on the switch.

 

Appreciate if anyone with a similar setup can assist me. 

 

Much thanks

 

 

Re:IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit
2024-08-08 12:37:27

Does anyone have anything on this? I'm sure I cannot be the only one facing this...

Re:IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit
2024-08-09 01:57:21

Hi @WiFi_Done_Right 

Thanks for posting in our business forum.

Run the CLI.

Related commands can be, for extra details, please see the CLI User Guide.

Re:IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit
2024-08-09 04:39:57

Hi @Clive_A 

 

Thank you for the reply and for the CLI suggestion.

 

However, may I know what I am looking for in the first place?

 

Your suggestion doesn't explain why 5 ACLs work in one setting and not in another when the hardware specification is even higher.

 

The screenshot below is the same 5 ACL rules of the following setup

ER605 v2.0

OC200 v2.0 (controller version 5.14.26.23)

TL-SG2210MP v3.0

 

 

 

 

 

 

Re:IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit
2024-08-09 05:54:13

Hi @WiFi_Done_Right 

Thanks for posting in our business forum.


Is that a completely identical ACL for the identical subnet and CIDR? Note that the rule does not mean it is the same code behind the scenes.

I mean, I created a rule, exactly the same as site A (subnet 192.168.0.1/24). I am on site B while I have a subnet of 192.168.0.1/16. This cannot be the same thing.

Same rule from the GUI level, but not the same thing behind the scenes.

 

Try this command: sh sdm prefer used

Re:IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit
2024-08-10 04:11:22

  Hi @Clive_A 

 

Yes, I am using identical subnets and CIDR, just a different site with higher grade hardware.

 

The subnets are as follows:

 

1) 192.168.0.1/24 (Admin LAN)

2) 192.168.10.1/24 (guest)

3) 192.168.20.1/24 (team 1)

4) 192.168.30.1/24 (team 2)

5) 192.168.40.1/24 (team 3)

 

Unfortunately I cannot access the client site to link up with the switch and perform CLI at the moment.


Are there any steps I can try remotely via the Omada controller?

 

I attempted to reset the switch yesterday and redid the ACLs all over again but still face the same issue.

Re:IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit
2 weeks ago - last edited 2 weeks ago

Hi @Clive_A  Any feedback on this? Would like to know if this is a software or hardware limitation.
